Metasploit mailing list archives
Loading meterpreter extensions in ms 3.0 beta (shedding new light...)
From: 0xlukej at gmail.com (Luke J)
Date: Fri, 2 Mar 2007 02:58:48 +0000
I used the Dependency Walker (http://www.dependencywalker.com presuming that is what you meant by depends.exe?) and that seemed to report that all dependencies were found. The only difference I noted was that the debug version links against USER32.DLL which the release version doesn't. Strange. Oh well, at least people should know how to get around this problem now. Thanks for your input, skape. On 3/2/07, mmiller at hick.org <mmiller at hick.org> wrote:
On Thu, Mar 01, 2007 at 11:52:08PM +0000, Luke J wrote:I added that debug line and it is reporting the correct size which is strange. So the problem must be in the transport to the server, thehandlingat the server or just plainly a win2k3 problem. I tried adding some debugging statements to files that make upmetsrv.dll toget it to write logs to keep track of stuff but couldn't even seem toget itto write to files for some reason. My general C knowledge is OK but my windows programming isn't really upto scratch so maybe I'm missing something. I might attach a debugger at some point but other than that I guessmaybethis will be an unsolved mystery. The VNC DLL is fine at 300k+ in sizeso Iimagine maybe this isn't going to be much of an issue practically unless someone wants to write a huge extension.Also, since you're compiling with VS 2005, it's most likely the case that you're linking to the runtime CRT (msvcrt). When you compile in debug mode, it'll link against the debug CRT DLLs. It's possible that the target system doesn't have these DLLs. That may be why the extension DLL is failing to load on the server side, and may also explain why it works when you compile in release mode (since the release CRT DLLs are more likely to be present). You can test this by copying the extension DLL manually to the target machine and using a tool like depends.exe to see if any of the dependent DLLs/imports are missing.
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070302/65b08956/attachment.htm>
Current thread:
- Loading meterpreter extensions in ms 3.0 beta Vedran V. (Feb 03)
- Loading meterpreter extensions in ms 3.0 beta mmiller at hick.org (Feb 03)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) Luke J (Feb 28)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) mmiller at hick.org (Feb 28)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) Luke J (Mar 01)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) mmiller at hick.org (Mar 01)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) Luke J (Mar 01)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) mmiller at hick.org (Mar 01)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) Luke J (Mar 01)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) mmiller at hick.org (Feb 28)
- Loading meterpreter extensions in ms 3.0 beta (shedding new light...) Alexander Sotirov (Mar 01)
- <Possible follow-ups>
- Loading meterpreter extensions in ms 3.0 beta Vedran V. (Feb 03)
- Loading meterpreter extensions in ms 3.0 beta mmiller at hick.org (Feb 03)
- Loading meterpreter extensions in ms 3.0 beta Vedran V. (Feb 03)
- Loading meterpreter extensions in ms 3.0 beta Vedran V. (Feb 08)